silinternational / idp-id-broker

API to abstract identity persistence in IdP-in-a-box solution
MIT License

CVE-2021-22878 (Medium) detected in multiple libraries #248

Closed mend-bolt-for-github[bot] closed 6 months ago

mend-bolt-for-github[bot] commented 3 years ago

CVE-2021-22878 - Medium Severity Vulnerability

Vulnerable Libraries - rlanvin/php-ip-v1.0.1, silinternational/psr3-adapters-1.1.0, paragonie/random_compat-v9.99.99, psr/http-message-1.0.1, guzzlehttp/command-1.0.0, silinternational/yii2-email-log-target-1.0.1, silinternational/php-env-2.1.1, guzzlehttp/guzzle-services-1.1.3, psr/cache-1.0.1, cebe/markdown-1.2.1, psr/container-1.0.0

rlanvin/php-ip-v1.0.1

IPv4/IPv6 manipulation library for PHP

Dependency Hierarchy:
- silinternational/email-service-php-client-2.2.0 (Root Library)
  - :x: **rlanvin/php-ip-v1.0.1** (Vulnerable Library)

silinternational/psr3-adapters-1.1.0

Various PSR3-compatible logging adapters.

Dependency Hierarchy:
- :x: **silinternational/psr3-adapters-1.1.0** (Vulnerable Library)

paragonie/random_compat-v9.99.99

PHP 5.x support for random_bytes() and random_int()

Dependency Hierarchy:
- ramsey/uuid-3.9.3 (Root Library)
  - :x: **paragonie/random_compat-v9.99.99** (Vulnerable Library)

psr/http-message-1.0.1

The purpose of this PSR is to provide a set of common interfaces for HTTP messages as described in RFC 7230 and RFC 7231

Dependency Hierarchy:
- guzzlehttp/guzzle-6.5.5 (Root Library)
  - guzzlehttp/psr7-1.7.0
    - :x: **psr/http-message-1.0.1** (Vulnerable Library)

guzzlehttp/command-1.0.0

Provides the foundation for building web service clients with Guzzle

Dependency Hierarchy:
- silinternational/email-service-php-client-2.2.0 (Root Library)
  - guzzlehttp/guzzle-services-1.1.3
    - :x: **guzzlehttp/command-1.0.0** (Vulnerable Library)

silinternational/yii2-email-log-target-1.0.1

Custom version of yii\log\EmailTarget to exclude trace information from messages

Dependency Hierarchy:
- :x: **silinternational/yii2-email-log-target-1.0.1** (Vulnerable Library)

silinternational/php-env-2.1.1

Utility class for working with environment variables in PHP that handles 'true', 'false', and 'null' more intelligently.

Dependency Hierarchy:
- :x: **silinternational/php-env-2.1.1** (Vulnerable Library)

guzzlehttp/guzzle-services-1.1.3

Provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy to use model structures.

Dependency Hierarchy:
- silinternational/email-service-php-client-2.2.0 (Root Library)
  - :x: **guzzlehttp/guzzle-services-1.1.3** (Vulnerable Library)

psr/cache-1.0.1

Dependency Hierarchy:
- google/apiclient-v2.9.1 (Root Library)
  - google/auth-v1.15.0
    - :x: **psr/cache-1.0.1** (Vulnerable Library)

cebe/markdown-1.2.1

A super fast, highly extensible markdown parser for PHP

Dependency Hierarchy:
- yiisoft/yii2-gii-2.2.1 (Root Library)
  - yiisoft/yii2-2.0.40
    - :x: **cebe/markdown-1.2.1** (Vulnerable Library)

psr/container-1.0.0

Dependency Hierarchy:
- behat/behat-v3.8.1 (Root Library)
  - :x: **psr/container-1.0.0** (Vulnerable Library)

Found in HEAD commit: 216a7edc0ce9cadfd5d7a3d595779b49ad73f8c2

Found in base branch: develop

Vulnerability Details

Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.

Publish Date: 2021-03-03

URL: CVE-2021-22878

CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: High
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: Low
  - Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: https://nextcloud.com/security/advisory/?id=NC-SA-2021-005

Release Date: 2021-03-03

Fix Resolution: v20.0.6


devon-sil commented 6 months ago

No longer using whitesource & this is too far out of date.